Updated WordPress Plugin Security Testing Cheat Sheet (markdown)
@@ -102,7 +102,7 @@ Example regex: `wpdb->(query|get_var|get_row|get_col|get_results|replace)\((?!.*
Unsafe escaping ('securing') API methods:
- ```esc_sql()``` function does not adequately protect against SQL Injection [https://codex.wordpress.org/Function_Reference/esc_sql](https://codex.wordpress.org/Function_Reference/esc_sql)
- ```esc_sql()``` function does not adequately protect against SQL Injection [https://developer.wordpress.org/reference/functions/esc_sql/](https://developer.wordpress.org/reference/functions/esc_sql/)
- ```escape()``` same as above
- ```esc_like()``` same as above
- ```like_escape()``` same as above
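Review bot: only the `esc_sql()` bullet gains the new developer.wordpress.org reference; the `escape()`, `esc_like()` and `like_escape()` bullets still say "same as above" with no link of their own, so a reader following the reference for one of those functions lands on the `esc_sql()` page. Since this commit is migrating away from the codex URL, consider adding the corresponding developer.wordpress.org references for those three entries (where such pages exist) in the same change so the list stays consistent. Minor style point: these bullets wrap inline code in triple backticks (```` ```esc_sql()``` ````) while the regex example in the hunk header uses single backticks; single backticks are the conventional markdown form for inline code and would keep the cheat sheet uniform.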